CVE-2015-5122 - Vulnerability Details

Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

This CVE is in the KEV database since April 13, 2022.

Exploitation active

Automatable yes

Technical Impact total

Vendors	Products
Adobe	Flash Player Flash Player Desktop Runtime
Apple	Macos
Linux	Linux Kernel
Microsoft	Windows Windows 8 Windows 8.1
Opensuse	Evergreen
Redhat	Enterprise Linux Desktop Enterprise Linux Server Enterprise Linux Server Eus Enterprise Linux Workstation Rhel Extras
Suse	Linux Enterprise Desktop Linux Enterprise Workstation Extension

Configuration 1 [-]

AND

OR	cpe:2.3:a:adobe:flash_player:::::esr:::*
	cpe:2.3:a:adobe:flash_player::::::chrome::*
	cpe:2.3:a:adobe:flash_player_desktop_runtime::::::::

OR	cpe:2.3:o:apple:macos:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 2 [-]

AND

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

OR	cpe:2.3:a:adobe:flash_player::::::internet_explorer_10::*
	cpe:2.3:a:adobe:flash_player::::::internet_explorer_11::*

OR	cpe:2.3:o:microsoft:windows_8:-:::::::*
	cpe:2.3:o:microsoft:windows_8.1:-:::::::*

Configuration 4 [-]

AND

cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 5 [-]

OR	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

Configuration 6 [-]

OR	cpe:2.3:o:opensuse:evergreen:11.4:::::::*
	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3::::::
	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_desktop:12:::::::*
	cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:::::::*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 5 Supplementary
flash-plugin-0:11.2.202.491-1.el5	cpe:/a:redhat:rhel_extras:5	RHSA-2015:1235	2015-07-16T00:00:00Z
Supplementary for Red Hat Enterprise Linux 6
flash-plugin-0:11.2.202.491-1.el6_6	cpe:/a:redhat:rhel_extras:6	RHSA-2015:1235	2015-07-16T00:00:00Z

References

Link	Providers
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00028.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00029.html
http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html
http://marc.info/?l=bugtraq&m=144050155601375&w=2
http://packetstormsecurity.com/files/132663/Adobe-Flash-opaqueBackground-Use-After-Free.html
http://rhn.redhat.com/errata/RHSA-2015-1235.html
http://www.kb.cert.org/vuls/id/338736
http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_opaque_background_uaf
http://www.securityfocus.com/bid/75712
http://www.securitytracker.com/id/1032890
http://www.us-cert.gov/ncas/alerts/TA15-195A
https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784
https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467
https://helpx.adobe.com/security/products/flash-player/apsa15-04.html
https://helpx.adobe.com/security/products/flash-player/apsb15-18.html
https://nvd.nist.gov/vuln/detail/CVE-2015-5122
https://perception-point.io/2018/04/11/breaking-cfi-cve-2015-5122-coop/
https://perception-point.io/new/breaking-cfi.php
https://security.gentoo.org/glsa/201508-01
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://www.cve.org/CVERecord?id=CVE-2015-5122
https://www.exploit-db.com/exploits/37599/
https://www.fireeye.com/blog/threat-research/2015/07/cve-2015-5122_-_seco.html

History

Tue, 04 Feb 2025 22:15:00 +0000

Type	Values Removed	Values Added
Metrics		kev `{'dateAdded': '2022-04-13'}` ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'active', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Wed, 14 Aug 2024 00:00:00 +0000

Type	Values Removed	Values Added
References		https://www.cisa.gov/known-exploited-vulnerabilities-catalog

MITRE

Status: PUBLISHED

Assigner: adobe

Published: 2015-07-14T10:00:00.000Z

Updated: 2025-02-04T21:56:40.596Z

Reserved: 2015-06-26T00:00:00.000Z

Link: CVE-2015-5122

Vulnrichment

Updated: 2024-08-06T06:32:32.895Z

NVD

Status : Analyzed

Published: 2015-07-14T10:59:00.213

Modified: 2025-02-14T16:09:11.280

Link: CVE-2015-5122

Redhat

Severity : Critical

Publid Date: 2015-07-10T00:00:00Z

Links: CVE-2015-5122 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-07-10T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-11-23T04:57:01.000Z", "orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe"}, "references": [{"name": "1032890", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032890"}, {"name": "SUSE-SU-2015:1255", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00028.html"}, {"name": "HPSBMU03409", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467"}, {"tags": ["x_refsource_MISC"], "url": "https://www.fireeye.com/blog/threat-research/2015/07/cve-2015-5122_-_seco.html"}, {"name": "TA15-195A", "tags": ["third-party-advisory", "x_refsource_CERT"], "url": "http://www.us-cert.gov/ncas/alerts/TA15-195A"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-18.html"}, {"name": "SUSE-SU-2015:1258", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00029.html"}, {"name": "GLSA-201508-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201508-01"}, {"tags": ["x_refsource_MISC"], "url": "http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_opaque_background_uaf"}, {"name": "HPSBHF03509", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784"}, {"name": "RHSA-2015:1235", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1235.html"}, {"name": "SSRT102253", "tags": ["vendor-advisory", "x_refsource_HP"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784"}, {"name": "VU#338736", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/338736"}, {"name": "37599", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/37599/"}, {"name": "75712", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/75712"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.com/files/132663/Adobe-Flash-opaqueBackground-Use-After-Free.html"}, {"name": "openSUSE-SU-2015:1267", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html"}, {"tags": ["x_refsource_MISC"], "url": "https://perception-point.io/2018/04/11/breaking-cfi-cve-2015-5122-coop/"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://helpx.adobe.com/security/products/flash-player/apsa15-04.html"}, {"tags": ["x_refsource_MISC"], "url": "https://perception-point.io/new/breaking-cfi.php"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "psirt@adobe.com", "ID": "CVE-2015-5122", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1032890", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032890"}, {"name": "SUSE-SU-2015:1255", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00028.html"}, {"name": "HPSBMU03409", "refsource": "HP", "url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2"}, {"name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467", "refsource": "CONFIRM", "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467"}, {"name": "https://www.fireeye.com/blog/threat-research/2015/07/cve-2015-5122_-_seco.html", "refsource": "MISC", "url": "https://www.fireeye.com/blog/threat-research/2015/07/cve-2015-5122_-_seco.html"}, {"name": "TA15-195A", "refsource": "CERT", "url": "http://www.us-cert.gov/ncas/alerts/TA15-195A"}, {"name": "https://helpx.adobe.com/security/products/flash-player/apsb15-18.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-18.html"}, {"name": "SUSE-SU-2015:1258", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00029.html"}, {"name": "GLSA-201508-01", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201508-01"}, {"name": "http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_opaque_background_uaf", "refsource": "MISC", "url": "http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_opaque_background_uaf"}, {"name": "HPSBHF03509", "refsource": "HP", "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784"}, {"name": "RHSA-2015:1235", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1235.html"}, {"name": "SSRT102253", "refsource": "HP", "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784"}, {"name": "VU#338736", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/338736"}, {"name": "37599", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/37599/"}, {"name": "75712", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75712"}, {"name": "http://packetstormsecurity.com/files/132663/Adobe-Flash-opaqueBackground-Use-After-Free.html", "refsource": "MISC", "url": "http://packetstormsecurity.com/files/132663/Adobe-Flash-opaqueBackground-Use-After-Free.html"}, {"name": "openSUSE-SU-2015:1267", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html"}, {"name": "https://perception-point.io/2018/04/11/breaking-cfi-cve-2015-5122-coop/", "refsource": "MISC", "url": "https://perception-point.io/2018/04/11/breaking-cfi-cve-2015-5122-coop/"}, {"name": "https://helpx.adobe.com/security/products/flash-player/apsa15-04.html", "refsource": "CONFIRM", "url": "https://helpx.adobe.com/security/products/flash-player/apsa15-04.html"}, {"name": "https://perception-point.io/new/breaking-cfi.php", "refsource": "MISC", "url": "https://perception-point.io/new/breaking-cfi.php"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T06:32:32.895Z"}, "title": "CVE Program Container", "references": [{"name": "1032890", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1032890"}, {"name": "SUSE-SU-2015:1255", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00028.html"}, {"name": "HPSBMU03409", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.fireeye.com/blog/threat-research/2015/07/cve-2015-5122_-_seco.html"}, {"name": "TA15-195A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"], "url": "http://www.us-cert.gov/ncas/alerts/TA15-195A"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-18.html"}, {"name": "SUSE-SU-2015:1258", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00029.html"}, {"name": "GLSA-201508-01", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201508-01"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_opaque_background_uaf"}, {"name": "HPSBHF03509", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784"}, {"name": "RHSA-2015:1235", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1235.html"}, {"name": "SSRT102253", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784"}, {"name": "VU#338736", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/338736"}, {"name": "37599", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/37599/"}, {"name": "75712", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/75712"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.com/files/132663/Adobe-Flash-opaqueBackground-Use-After-Free.html"}, {"name": "openSUSE-SU-2015:1267", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://perception-point.io/2018/04/11/breaking-cfi-cve-2015-5122-coop/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://helpx.adobe.com/security/products/flash-player/apsa15-04.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://perception-point.io/new/breaking-cfi.php"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-416", "lang": "en", "description": "CWE-416 Use After Free"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-02-04T21:56:35.709161Z", "id": "CVE-2015-5122", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-04-13", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-5122"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-04T21:56:40.596Z"}}]}, "cveMetadata": {"assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "assignerShortName": "adobe", "cveId": "CVE-2015-5122", "datePublished": "2015-07-14T10:00:00.000Z", "dateReserved": "2015-06-26T00:00:00.000Z", "dateUpdated": "2025-02-04T21:56:40.596Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.securitytracker.com/id/1032890", "name": "1032890", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00028.html", "name": "SUSE-SU-2015:1255", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2", "name": "HPSBMU03409", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"]}, {"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://www.fireeye.com/blog/threat-research/2015/07/cve-2015-5122_-_seco.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://www.us-cert.gov/ncas/alerts/TA15-195A", "name": "TA15-195A", "tags": ["third-party-advisory", "x_refsource_CERT", "x_transferred"]}, {"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-18.html", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00029.html", "name": "SUSE-SU-2015:1258", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "https://security.gentoo.org/glsa/201508-01", "name": "GLSA-201508-01", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"]}, {"url": "http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_opaque_background_uaf", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784", "name": "HPSBHF03509", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-1235.html", "name": "RHSA-2015:1235", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784", "name": "SSRT102253", "tags": ["vendor-advisory", "x_refsource_HP", "x_transferred"]}, {"url": "http://www.kb.cert.org/vuls/id/338736", "name": "VU#338736", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"]}, {"url": "https://www.exploit-db.com/exploits/37599/", "name": "37599", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"]}, {"url": "http://www.securityfocus.com/bid/75712", "name": "75712", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"]}, {"url": "http://packetstormsecurity.com/files/132663/Adobe-Flash-opaqueBackground-Use-After-Free.html", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html", "name": "openSUSE-SU-2015:1267", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"]}, {"url": "https://perception-point.io/2018/04/11/breaking-cfi-cve-2015-5122-coop/", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://helpx.adobe.com/security/products/flash-player/apsa15-04.html", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://perception-point.io/new/breaking-cfi.php", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T06:32:32.895Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2015-5122", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-04T21:56:35.709161Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2022-04-13", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2015-5122"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-04T21:56:24.533Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-07-10T00:00:00.000Z", "references": [{"url": "http://www.securitytracker.com/id/1032890", "name": "1032890", "tags": ["vdb-entry", "x_refsource_SECTRACK"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00028.html", "name": "SUSE-SU-2015:1255", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2", "name": "HPSBMU03409", "tags": ["vendor-advisory", "x_refsource_HP"]}, {"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://www.fireeye.com/blog/threat-research/2015/07/cve-2015-5122_-_seco.html", "tags": ["x_refsource_MISC"]}, {"url": "http://www.us-cert.gov/ncas/alerts/TA15-195A", "name": "TA15-195A", "tags": ["third-party-advisory", "x_refsource_CERT"]}, {"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-18.html", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00029.html", "name": "SUSE-SU-2015:1258", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "https://security.gentoo.org/glsa/201508-01", "name": "GLSA-201508-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"]}, {"url": "http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_opaque_background_uaf", "tags": ["x_refsource_MISC"]}, {"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784", "name": "HPSBHF03509", "tags": ["vendor-advisory", "x_refsource_HP"]}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-1235.html", "name": "RHSA-2015:1235", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784", "name": "SSRT102253", "tags": ["vendor-advisory", "x_refsource_HP"]}, {"url": "http://www.kb.cert.org/vuls/id/338736", "name": "VU#338736", "tags": ["third-party-advisory", "x_refsource_CERT-VN"]}, {"url": "https://www.exploit-db.com/exploits/37599/", "name": "37599", "tags": ["exploit", "x_refsource_EXPLOIT-DB"]}, {"url": "http://www.securityfocus.com/bid/75712", "name": "75712", "tags": ["vdb-entry", "x_refsource_BID"]}, {"url": "http://packetstormsecurity.com/files/132663/Adobe-Flash-opaqueBackground-Use-After-Free.html", "tags": ["x_refsource_MISC"]}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html", "name": "openSUSE-SU-2015:1267", "tags": ["vendor-advisory", "x_refsource_SUSE"]}, {"url": "https://perception-point.io/2018/04/11/breaking-cfi-cve-2015-5122-coop/", "tags": ["x_refsource_MISC"]}, {"url": "https://helpx.adobe.com/security/products/flash-player/apsa15-04.html", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://perception-point.io/new/breaking-cfi.php", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "078d4453-3bcd-4900-85e6-15281da43538", "shortName": "adobe", "dateUpdated": "2018-11-23T04:57:01.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "n/a"}]}, "product_name": "n/a"}]}, "vendor_name": "n/a"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securitytracker.com/id/1032890", "name": "1032890", "refsource": "SECTRACK"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00028.html", "name": "SUSE-SU-2015:1255", "refsource": "SUSE"}, {"url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2", "name": "HPSBMU03409", "refsource": "HP"}, {"url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467", "name": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467", "refsource": "CONFIRM"}, {"url": "https://www.fireeye.com/blog/threat-research/2015/07/cve-2015-5122_-_seco.html", "name": "https://www.fireeye.com/blog/threat-research/2015/07/cve-2015-5122_-_seco.html", "refsource": "MISC"}, {"url": "http://www.us-cert.gov/ncas/alerts/TA15-195A", "name": "TA15-195A", "refsource": "CERT"}, {"url": "https://helpx.adobe.com/security/products/flash-player/apsb15-18.html", "name": "https://helpx.adobe.com/security/products/flash-player/apsb15-18.html", "refsource": "CONFIRM"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00029.html", "name": "SUSE-SU-2015:1258", "refsource": "SUSE"}, {"url": "https://security.gentoo.org/glsa/201508-01", "name": "GLSA-201508-01", "refsource": "GENTOO"}, {"url": "http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_opaque_background_uaf", "name": "http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_opaque_background_uaf", "refsource": "MISC"}, {"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784", "name": "HPSBHF03509", "refsource": "HP"}, {"url": "http://rhn.redhat.com/errata/RHSA-2015-1235.html", "name": "RHSA-2015:1235", "refsource": "REDHAT"}, {"url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784", "name": "SSRT102253", "refsource": "HP"}, {"url": "http://www.kb.cert.org/vuls/id/338736", "name": "VU#338736", "refsource": "CERT-VN"}, {"url": "https://www.exploit-db.com/exploits/37599/", "name": "37599", "refsource": "EXPLOIT-DB"}, {"url": "http://www.securityfocus.com/bid/75712", "name": "75712", "refsource": "BID"}, {"url": "http://packetstormsecurity.com/files/132663/Adobe-Flash-opaqueBackground-Use-After-Free.html", "name": "http://packetstormsecurity.com/files/132663/Adobe-Flash-opaqueBackground-Use-After-Free.html", "refsource": "MISC"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html", "name": "openSUSE-SU-2015:1267", "refsource": "SUSE"}, {"url": "https://perception-point.io/2018/04/11/breaking-cfi-cve-2015-5122-coop/", "name": "https://perception-point.io/2018/04/11/breaking-cfi-cve-2015-5122-coop/", "refsource": "MISC"}, {"url": "https://helpx.adobe.com/security/products/flash-player/apsa15-04.html", "name": "https://helpx.adobe.com/security/products/flash-player/apsa15-04.html", "refsource": "CONFIRM"}, {"url": "https://perception-point.io/new/breaking-cfi.php", "name": "https://perception-point.io/new/breaking-cfi.php", "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2015-5122", "STATE": "PUBLIC", "ASSIGNER": "psirt@adobe.com"}}}}, "cveMetadata": {"cveId": "CVE-2015-5122", "state": "PUBLISHED", "dateUpdated": "2025-02-04T21:56:40.596Z", "dateReserved": "2015-06-26T00:00:00.000Z", "assignerOrgId": "078d4453-3bcd-4900-85e6-15281da43538", "datePublished": "2015-07-14T10:00:00.000Z", "assignerShortName": "adobe"}, "dataVersion": "5.1"}

{"cisaActionDue": "2022-05-04", "cisaExploitAdd": "2022-04-13", "cisaRequiredAction": "The impacted product is end-of-life and should be disconnected if still in use.", "cisaVulnerabilityName": "Adobe Flash Player Use-After-Free Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:esr:*:*:*", "matchCriteriaId": "17769E33-3CBA-475B-8CC6-263F38B548DD", "versionEndIncluding": "13.0.0.302", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*", "matchCriteriaId": "31C75D4E-31EC-4889-8DAF-559B9FECBBB7", "versionEndIncluding": "18.0.0.203", "versionStartIncluding": "18.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:flash_player_desktop_runtime:*:*:*:*:*:*:*:*", "matchCriteriaId": "71F9E1A3-B61E-4949-86B0-C252943072ED", "versionEndIncluding": "18.0.0.203", "versionStartIncluding": "18.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:chrome:*:*", "matchCriteriaId": "F160BA87-34AD-4E34-8605-EDE5048CF618", "versionEndIncluding": "18.0.0.204", "versionStartIncluding": "18.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer_10:*:*", "matchCriteriaId": "672576D9-06C2-4564-9853-7E6991E30710", "versionEndIncluding": "18.0.0.203", "versionStartIncluding": "18.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:internet_explorer_11:*:*", "matchCriteriaId": "E72C2D81-2088-482F-9BD3-D11A205D53CD", "versionEndIncluding": "18.0.0.203", "versionStartIncluding": "18.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows_8:-:*:*:*:*:*:*:*", "matchCriteriaId": "0D229E41-A971-4284-9657-16D78414B93F", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows_8.1:-:*:*:*:*:*:*:*", "matchCriteriaId": "E93068DB-549B-45AB-8E5C-00EB5D8B5CF8", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:adobe:flash_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "638F2736-01BF-4AF8-9215-C1E81B1DC9EE", "versionEndIncluding": "11.2.202.481", "versionStartIncluding": "11.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "133AAFA7-AF42-4D7B-8822-AA2E85611BF5", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "54D669D4-6D7E-449D-80C1-28FA44F06FFE", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "C18E3368-8980-45D2-AD3F-5BF385ABA693", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "D0AC5CD5-6E58-433C-9EB3-6DFE5656463E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:evergreen:11.4:*:*:*:*:*:*:*", "matchCriteriaId": "CCE4D64E-8C4B-4F21-A9B0-90637C85C1D0", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp3:*:*:*:*:*:*", "matchCriteriaId": "3ED68ADD-BBDA-4485-BC76-58F011D72311", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp4:*:*:*:*:*:*", "matchCriteriaId": "17D4B6F2-514D-4BC2-B2C5-4E2FCCAC594C", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_desktop:12:*:*:*:*:*:*:*", "matchCriteriaId": "F1EB0F28-F23A-4969-8A3E-66DA2EFA40C3", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_workstation_extension:12:*:*:*:*:*:*:*", "matchCriteriaId": "9DFA18B6-2642-470A-A350-68947529EE5D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015."}, {"lang": "es", "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n descubierta en la implementaci\u00f3n de la clase DisplayObject en el ActionScript (AS3) en Adobe Flash Player 13.x hasta 13.0.0.302 en Windows y en OS X, 14.x hasta 18.0.0.203 en Windows y en OS X, 11.x hasta 11.2.202.481 en Linux, y en 12.x hasta 18.0.0.204 en las intalaciones de Google Chorme en Linux permite a atacantes remotos ejecutar c\u00f3digo arbitrario o causar denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) hasta contenido Flash manipulado que aprovecha el manejo inadecuado de la propiedad opaqueBackground, tal y como fue utilizado activamente en julio de 2015."}], "evaluatorComment": "<a href=\"http://cwe.mitre.org/data/definitions/416.html\" rel=\"nofollow\">CWE-416: Use After Free</a>", "id": "CVE-2015-5122", "lastModified": "2025-02-14T16:09:11.280", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2015-07-14T10:59:00.213", "references": [{"source": "psirt@adobe.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00028.html"}, {"source": "psirt@adobe.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00029.html"}, {"source": "psirt@adobe.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html"}, {"source": "psirt@adobe.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2"}, {"source": "psirt@adobe.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/132663/Adobe-Flash-opaqueBackground-Use-After-Free.html"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1235.html"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/338736"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_opaque_background_uaf"}, {"source": "psirt@adobe.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/75712"}, {"source": "psirt@adobe.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032890"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/ncas/alerts/TA15-195A"}, {"source": "psirt@adobe.com", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784"}, {"source": "psirt@adobe.com", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784"}, {"source": "psirt@adobe.com", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784"}, {"source": "psirt@adobe.com", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467"}, {"source": "psirt@adobe.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/flash-player/apsa15-04.html"}, {"source": "psirt@adobe.com", "tags": ["Broken Link", "Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-18.html"}, {"source": "psirt@adobe.com", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://perception-point.io/2018/04/11/breaking-cfi-cve-2015-5122-coop/"}, {"source": "psirt@adobe.com", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://perception-point.io/new/breaking-cfi.php"}, {"source": "psirt@adobe.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201508-01"}, {"source": "psirt@adobe.com", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/37599/"}, {"source": "psirt@adobe.com", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://www.fireeye.com/blog/threat-research/2015/07/cve-2015-5122_-_seco.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00028.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00029.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00032.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://marc.info/?l=bugtraq&m=144050155601375&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "http://packetstormsecurity.com/files/132663/Adobe-Flash-opaqueBackground-Use-After-Free.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1235.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/338736"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.rapid7.com/db/modules/exploit/multi/browser/adobe_flash_opaque_background_uaf"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/75712"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032890"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.us-cert.gov/ncas/alerts/TA15-195A"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04796784"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04952467"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/flash-player/apsa15-04.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Vendor Advisory"], "url": "https://helpx.adobe.com/security/products/flash-player/apsb15-18.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://perception-point.io/2018/04/11/breaking-cfi-cve-2015-5122-coop/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://perception-point.io/new/breaking-cfi.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201508-01"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/37599/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://www.fireeye.com/blog/threat-research/2015/07/cve-2015-5122_-_seco.html"}], "sourceIdentifier": "psirt@adobe.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2015:1235", "cpe": "cpe:/a:redhat:rhel_extras:5", "package": "flash-plugin-0:11.2.202.491-1.el5", "product_name": "Red Hat Enterprise Linux 5 Supplementary", "release_date": "2015-07-16T00:00:00Z"}, {"advisory": "RHSA-2015:1235", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "flash-plugin-0:11.2.202.491-1.el6_6", "product_name": "Supplementary for Red Hat Enterprise Linux 6", "release_date": "2015-07-16T00:00:00Z"}], "bugzilla": {"description": "flash-plugin: two code execution issues in APSA15-04 / APSB15-18", "id": "1242216", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1242216"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "details": ["Use-after-free vulnerability in the DisplayObject class in the ActionScript 3 (AS3) implementation in Adobe Flash Player 13.x through 13.0.0.302 on Windows and OS X, 14.x through 18.0.0.203 on Windows and OS X, 11.x through 11.2.202.481 on Linux, and 12.x through 18.0.0.204 on Linux Chrome installations allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted Flash content that leverages improper handling of the opaqueBackground property, as exploited in the wild in July 2015."], "name": "CVE-2015-5122", "public_date": "2015-07-10T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-5122\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-5122\nhttps://helpx.adobe.com/security/products/flash-player/apsa15-04.html\nhttps://helpx.adobe.com/security/products/flash-player/apsb15-18.html\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "threat_severity": "Critical"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

Exploitation active

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object